CVE-2005-0402

2005-05-0204:00:00

redhat

web.nvd.nist.gov

112

cve-2005-0402

firefox

code execution

remote attackers

javascript

nvd

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

0.891

Percentile

98.7%

JSON

Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.

Affected configurations

Nvd

Node

mozillafirefoxMatch0.8

mozillafirefoxMatch0.9

mozillafirefoxMatch0.9rc

mozillafirefoxMatch0.9.1

mozillafirefoxMatch0.9.2

mozillafirefoxMatch0.9.3

mozillafirefoxMatch0.10

mozillafirefoxMatch0.10.1

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

VendorProductVersionCPE
mozillafirefox0.9.1cpe:/a:mozilla:firefox:0.9.1:::
mozillafirefox0.9cpe:/a:mozilla:firefox:0.9:rc::
mozillafirefox0.8cpe:/a:mozilla:firefox:0.8:::
mozillafirefox1.0.1cpe:/a:mozilla:firefox:1.0.1:::
mozillafirefox1.0cpe:/a:mozilla:firefox:1.0:::
mozillafirefox0.10cpe:/a:mozilla:firefox:0.10:::
mozillafirefox0.9.3cpe:/a:mozilla:firefox:0.9.3:::
mozillafirefox1.0.2cpe:/a:mozilla:firefox:1.0.2:::
mozillafirefox0.9cpe:/a:mozilla:firefox:0.9:::
mozillafirefox0.9.2cpe:/a:mozilla:firefox:0.9.2:::

Vendor	Product	Version	CPE
mozilla	firefox	0.9.1	cpe:/a:mozilla:firefox:0.9.1:::
mozilla	firefox	0.9	cpe:/a:mozilla:firefox:0.9:rc::
mozilla	firefox	0.8	cpe:/a:mozilla:firefox:0.8:::
mozilla	firefox	1.0.1	cpe:/a:mozilla:firefox:1.0.1:::
mozilla	firefox	1.0	cpe:/a:mozilla:firefox:1.0:::
mozilla	firefox	0.10	cpe:/a:mozilla:firefox:0.10:::
mozilla	firefox	0.9.3	cpe:/a:mozilla:firefox:0.9.3:::
mozilla	firefox	1.0.2	cpe:/a:mozilla:firefox:1.0.2:::
mozilla	firefox	0.9	cpe:/a:mozilla:firefox:0.9:::
mozilla	firefox	0.9.2	cpe:/a:mozilla:firefox:0.9.2:::